-Zmiri-permissive-provenance and SB wildcard tags

Author: carbotaniuman

src/bin/miri.rs

@@ -368,6 +368,11 @@ fn main() {
                     miri_config.tag_raw = true;
                     miri_config.check_number_validity = true;
                 }
+                "-Zmiri-permissive-provenance" => {
+                    miri_config.permissive_provenance = true;
+                    miri_config.tag_raw = true;
+                    miri_config.check_number_validity = true;
+                }
                 "-Zmiri-track-raw-pointers" => {
                     eprintln!(
                         "WARNING: -Zmiri-track-raw-pointers has been renamed to -Zmiri-tag-raw-pointers, the old name is deprecated."

src/eval.rs

@@ -112,6 +112,9 @@ pub struct MiriConfig {
     pub panic_on_unsupported: bool,
     /// Which style to use for printing backtraces.
     pub backtrace_style: BacktraceStyle,
+    /// Whether to enforce "permissive provenance" rules. Enabling this means int2ptr casts return
+    /// pointers with union provenance of all exposed pointers (and SB tags, if enabled).
+    pub permissive_provenance: bool,
     /// Whether to enforce "strict provenance" rules. Enabling this means int2ptr casts return
     /// pointers with an invalid provenance, i.e., not valid for any memory access.
     pub strict_provenance: bool,
@@ -140,6 +143,7 @@ impl Default for MiriConfig {
             measureme_out: None,
             panic_on_unsupported: false,
             backtrace_style: BacktraceStyle::Short,
+            permissive_provenance: false,
             strict_provenance: false,
         }
     }

src/intptrcast.rs

@@ -27,6 +27,9 @@ pub struct GlobalStateInner {
     /// This is used as a memory address when a new pointer is casted to an integer. It
     /// is always larger than any address that was previously made part of a block.
     next_base_addr: u64,
+    /// Whether to enforce "permissive provenance" rules. Enabling this means int2ptr casts return
+    /// pointers with union provenance of all exposed pointers (and SB tags, if enabled).
+    permissive_provenance: bool,
     /// Whether to enforce "strict provenance" rules. Enabling this means int2ptr casts return
     /// pointers with an invalid provenance, i.e., not valid for any memory access.
     strict_provenance: bool,
@@ -39,6 +42,7 @@ impl GlobalStateInner {
             base_addr: FxHashMap::default(),
             exposed: FxHashSet::default(),
             next_base_addr: STACK_ADDR,
+            permissive_provenance: config.permissive_provenance,
             strict_provenance: config.strict_provenance,
         }
     }
@@ -47,7 +51,7 @@ impl GlobalStateInner {
 impl<'mir, 'tcx> GlobalStateInner {
     // Returns the `AllocId` that corresponds to the specified addr,
     // or `None` if the addr is out of bounds
-    fn alloc_id_from_addr(addr: u64, ecx: &MiriEvalContext<'mir, 'tcx>) -> Option<AllocId> {
+    fn alloc_id_from_addr(ecx: &MiriEvalContext<'mir, 'tcx>, addr: u64) -> Option<AllocId> {
         let global_state = ecx.machine.intptrcast.borrow();
 
         if addr == 0 {
@@ -60,7 +64,7 @@ impl<'mir, 'tcx> GlobalStateInner {
             Ok(pos) => {
                 let (_, alloc_id) = global_state.int_to_ptr_map[pos];
 
-                if global_state.exposed.contains(&alloc_id) {
+                if !global_state.permissive_provenance || global_state.exposed.contains(&alloc_id) {
                     Some(global_state.int_to_ptr_map[pos].1)
                 } else {
                     None
@@ -75,7 +79,7 @@ impl<'mir, 'tcx> GlobalStateInner {
                 let offset = addr - glb;
                 // If the offset exceeds the size of the allocation, don't use this `alloc_id`.
 
-                if global_state.exposed.contains(&alloc_id)
+                if (!global_state.permissive_provenance || global_state.exposed.contains(&alloc_id))
                     && offset
                         <= ecx
                             .get_alloc_size_and_align(alloc_id, AllocCheck::MaybeDead)
@@ -91,13 +95,9 @@ impl<'mir, 'tcx> GlobalStateInner {
         }
     }
 
-    pub fn expose_addr(ecx: &MiriEvalContext<'mir, 'tcx>, ptr: Pointer<Tag>) {
+    pub fn expose_addr(ecx: &MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId) {
         let mut global_state = ecx.machine.intptrcast.borrow_mut();
-        let (tag, _) = ptr.into_parts();
-
-        if let machine::AllocType::Concrete(alloc_id) = tag.alloc_id {
-            global_state.exposed.insert(alloc_id);
-        }
+        global_state.exposed.insert(alloc_id);
     }
 
     pub fn abs_ptr_to_rel(
@@ -109,7 +109,7 @@ impl<'mir, 'tcx> GlobalStateInner {
         let alloc_id = if let machine::AllocType::Concrete(alloc_id) = tag.alloc_id {
             alloc_id
         } else {
-            match GlobalStateInner::alloc_id_from_addr(addr.bytes(), ecx) {
+            match GlobalStateInner::alloc_id_from_addr(ecx, addr.bytes()) {
                 Some(alloc_id) => alloc_id,
                 None => return None,
             }
@@ -135,11 +135,22 @@ impl<'mir, 'tcx> GlobalStateInner {
             return Pointer::new(None, Size::from_bytes(addr));
         }
 
-        let alloc_id = GlobalStateInner::alloc_id_from_addr(addr, ecx);
+        let alloc_id = GlobalStateInner::alloc_id_from_addr(ecx, addr);
 
         // Pointers created from integers are untagged.
+
+        let sb = if let Some(stacked_borrows) = &ecx.machine.stacked_borrows {
+            if global_state.permissive_provenance {
+                stacked_borrows.borrow_mut().wildcard_tag()
+            } else {
+                SbTag::Untagged
+            }
+        } else {
+            SbTag::Untagged
+        };
+
         Pointer::new(
-            alloc_id.map(|_| Tag { alloc_id: machine::AllocType::Casted, sb: SbTag::Untagged }),
+            alloc_id.map(|_| Tag { alloc_id: machine::AllocType::Casted, sb }),
             Size::from_bytes(addr),
         )
     }

src/machine.rs

@@ -166,9 +166,6 @@ impl Provenance for Tag {
 /// Extra per-allocation data
 #[derive(Debug, Clone)]
 pub struct AllocExtra {
-    // TODO: this really doesn't need to be here,
-    // but we're forced to bodge it here for now
-    pub alloc_id: AllocId,
     /// Stacked Borrows state is only added if it is enabled.
     pub stacked_borrows: Option<stacked_borrows::AllocExtra>,
     /// Data race detection via the use of a vector-clock,
@@ -579,7 +576,7 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
         };
         let alloc: Allocation<Tag, Self::AllocExtra> = alloc.convert_tag_add_extra(
             &ecx.tcx,
-            AllocExtra { alloc_id: id, stacked_borrows: stacks, data_race: race_alloc },
+            AllocExtra { stacked_borrows: stacks, data_race: race_alloc },
             |ptr| Evaluator::tag_alloc_base_pointer(ecx, ptr),
         );
         Cow::Owned(alloc)
@@ -611,15 +608,29 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
 
     /// Convert a pointer with provenance into an allocation-offset pair,
     /// or a `None` with an absolute address if that conversion is not possible.
-    fn ptr_get_alloc(
+    fn ptr_reify_alloc(
         ecx: &MiriEvalContext<'mir, 'tcx>,
         ptr: Pointer<Self::PointerTag>,
-    ) -> Option<(AllocId, Size)> {
-        intptrcast::GlobalStateInner::abs_ptr_to_rel(ecx, ptr)
+    ) -> Option<(AllocId, Size, Pointer<Self::PointerTag>)> {
+        let rel_ptr = intptrcast::GlobalStateInner::abs_ptr_to_rel(ecx, ptr);
+        rel_ptr.map(|(alloc_id, size)| {
+            let new_ptr =
+                ptr.map_provenance(|t| Tag { alloc_id: AllocType::Concrete(alloc_id), ..t });
+
+            (alloc_id, size, new_ptr)
+        })
     }
 
-    fn expose_addr(ecx: &MiriEvalContext<'mir, 'tcx>, ptr: Pointer<Self::PointerTag>) {
-        intptrcast::GlobalStateInner::expose_addr(ecx, ptr)
+    fn expose_ptr(ecx: &InterpCx<'mir, 'tcx, Self>, ptr: Pointer<Self::PointerTag>) {
+        let (tag, _) = ptr.into_parts();
+
+        if let AllocType::Concrete(alloc_id) = tag.alloc_id {
+            intptrcast::GlobalStateInner::expose_addr(ecx, alloc_id);
+
+            if let Some(stacked_borrows) = &ecx.machine.stacked_borrows {
+                stacked_borrows.borrow_mut().expose_ptr(tag.sb)
+            }
+        }
     }
 
     #[inline(always)]
@@ -630,12 +641,18 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
         tag: Tag,
         range: AllocRange,
     ) -> InterpResult<'tcx> {
+        let alloc_id = if let AllocType::Concrete(alloc_id) = tag.alloc_id {
+            alloc_id
+        } else {
+            bug!("`memory_read` called with non-concrete tag")
+        };
+
         if let Some(data_race) = &alloc_extra.data_race {
-            data_race.read(alloc_extra.alloc_id, range, machine.data_race.as_ref().unwrap())?;
+            data_race.read(alloc_id, range, machine.data_race.as_ref().unwrap())?;
         }
         if let Some(stacked_borrows) = &alloc_extra.stacked_borrows {
             stacked_borrows.memory_read(
-                alloc_extra.alloc_id,
+                alloc_id,
                 tag.sb,
                 range,
                 machine.stacked_borrows.as_ref().unwrap(),
@@ -653,12 +670,18 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
         tag: Tag,
         range: AllocRange,
     ) -> InterpResult<'tcx> {
+        let alloc_id = if let AllocType::Concrete(alloc_id) = tag.alloc_id {
+            alloc_id
+        } else {
+            bug!("`memory_written` called with non-concrete tag")
+        };
+
         if let Some(data_race) = &mut alloc_extra.data_race {
-            data_race.write(alloc_extra.alloc_id, range, machine.data_race.as_mut().unwrap())?;
+            data_race.write(alloc_id, range, machine.data_race.as_mut().unwrap())?;
         }
         if let Some(stacked_borrows) = &mut alloc_extra.stacked_borrows {
             stacked_borrows.memory_written(
-                alloc_extra.alloc_id,
+                alloc_id,
                 tag.sb,
                 range,
                 machine.stacked_borrows.as_mut().unwrap(),
@@ -676,19 +699,21 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> {
         tag: Tag,
         range: AllocRange,
     ) -> InterpResult<'tcx> {
-        if Some(alloc_extra.alloc_id) == machine.tracked_alloc_id {
-            register_diagnostic(NonHaltingDiagnostic::FreedAlloc(alloc_extra.alloc_id));
+        let alloc_id = if let AllocType::Concrete(alloc_id) = tag.alloc_id {
+            alloc_id
+        } else {
+            bug!("`memory_deallocated` called with non-concrete tag")
+        };
+
+        if Some(alloc_id) == machine.tracked_alloc_id {
+            register_diagnostic(NonHaltingDiagnostic::FreedAlloc(alloc_id));
         }
         if let Some(data_race) = &mut alloc_extra.data_race {
-            data_race.deallocate(
-                alloc_extra.alloc_id,
-                range,
-                machine.data_race.as_mut().unwrap(),
-            )?;
+            data_race.deallocate(alloc_id, range, machine.data_race.as_mut().unwrap())?;
         }
         if let Some(stacked_borrows) = &mut alloc_extra.stacked_borrows {
             stacked_borrows.memory_deallocated(
-                alloc_extra.alloc_id,
+                alloc_id,
                 tag.sb,
                 range,
                 machine.stacked_borrows.as_mut().unwrap(),